mirrors
/
poi
mirror of https://github.com/apache/poi.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 100 Wiki Activity
Browse Source

Bug 66425: Avoid an AssertionError found via oss-fuzz 

We try to avoid throwing AssertionError to be triggered by input data, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61251

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911514 13f79535-47bb-0310-9956-ffa450edef68
tags/REL_5_2_4
Dominik Stadler 9 months ago
parent
f6b1435db1
commit
2c5264277a
5 changed files with 14 additions and 1 deletions
Unified View Show Diff Stats
  1. 2
    0
      poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java
  2. 8
    1
      poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java
  3. 4
    0
      poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java
  4. BIN
      test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt
  5. BIN
      test-data/spreadsheet/stress.xls

+ 2
- 0
poi-integration/src/test/java/org/apache/poi/stress/HSLFFileHandler.java View File

} }


handleExtracting(file); handleExtracting(file);

handleAdditional(file);
} }


public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {

+ 8
- 1
poi-scratchpad/src/main/java/org/apache/poi/hslf/record/EscherPlaceholder.java View File

import java.util.Map; import java.util.Map;
import java.util.function.Supplier; import java.util.function.Supplier;


import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.poi.ddf.EscherRecord; import org.apache.poi.ddf.EscherRecord;
import org.apache.poi.ddf.EscherRecordFactory; import org.apache.poi.ddf.EscherRecordFactory;
import org.apache.poi.ddf.EscherSerializationListener; import org.apache.poi.ddf.EscherSerializationListener;
* the slide layout as specified in the SlideAtom record. * the slide layout as specified in the SlideAtom record.
*/ */
public class EscherPlaceholder extends EscherRecord { public class EscherPlaceholder extends EscherRecord {
private static final Logger LOG = LogManager.getLogger(EscherPlaceholder.class);

public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID; public static final short RECORD_ID = RecordTypes.OEPlaceholderAtom.typeID;
public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder"; public static final String RECORD_DESCRIPTION = "msofbtClientTextboxPlaceholder";


size = data[offset+13]; size = data[offset+13];
unused = LittleEndian.getShort(data, offset+14); unused = LittleEndian.getShort(data, offset+14);


assert(bytesRemaining + 8 == 16);
if (bytesRemaining + 8 != 16) {
LOG.warn("Invalid header-data received, should have 8 bytes left, but had: " + bytesRemaining);
}

return bytesRemaining + 8; return bytesRemaining + 8;
} }



+ 4
- 0
poi-scratchpad/src/main/java/org/apache/poi/hslf/usermodel/HSLFShape.java View File

} }


public <T extends EscherRecord> T getEscherChild(int recordId){ public <T extends EscherRecord> T getEscherChild(int recordId){
if (_escherContainer == null) {
throw new IllegalStateException("Did not have a container for fetching children");
}

return _escherContainer.getChildById((short)recordId); return _escherContainer.getChildById((short)recordId);
} }



BIN
test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-4630915954114560.ppt View File


BIN
test-data/spreadsheet/stress.xls View File


Write Preview
Loading…
Cancel
Save